package org.apache.syncope.sra.security.saml2;

import org.apache.syncope.sra.security.pac4j.NoOpSessionStore;
import org.apache.syncope.sra.security.pac4j.ServerWebExchangeContext;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.saml.client.SAML2Client;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/syncope/sra/security/saml2/SAML2LogoutResponseWebFilter.class */
public class SAML2LogoutResponseWebFilter implements WebFilter {
    private static final Logger LOG = LoggerFactory.getLogger(SAML2LogoutResponseWebFilter.class);
    public static final ServerWebExchangeMatcher MATCHER = ServerWebExchangeMatchers.pathMatchers(new String[]{"/logout/saml2/sso"});
    private final SAML2Client saml2Client;
    private final ServerLogoutSuccessHandler logoutSuccessHandler;

    public SAML2LogoutResponseWebFilter(SAML2Client sAML2Client, SAML2ServerLogoutSuccessHandler sAML2ServerLogoutSuccessHandler) {
        this.saml2Client = sAML2Client;
        this.logoutSuccessHandler = sAML2ServerLogoutSuccessHandler;
    }

    private Mono<Void> handleLogoutResponse(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain, ServerWebExchangeContext serverWebExchangeContext) {
        try {
            CallContext callContext = new CallContext(serverWebExchangeContext, NoOpSessionStore.INSTANCE);
            this.saml2Client.getLogoutProcessor().processLogout(callContext, (Credentials) this.saml2Client.getCredentialsExtractor().extract(callContext).orElseThrow(() -> {
                return new IllegalStateException("Could not extract credentials");
            }));
        } catch (Exception e) {
            LOG.error("Could not validate LogoutResponse", e);
        }
        return this.logoutSuccessHandler.onLogoutSuccess(new WebFilterExchange(serverWebExchange, webFilterChain), (Authentication) null);
    }

    private Mono<Void> handleGET(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return serverWebExchange.getRequest().getQueryParams().getFirst("SAMLResponse") != null ? handleLogoutResponse(serverWebExchange, webFilterChain, new ServerWebExchangeContext(serverWebExchange)) : webFilterChain.filter(serverWebExchange).then(Mono.empty());
    }

    private Mono<Void> handlePOST(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return serverWebExchange.getFormData().filter(multiValueMap -> {
            return multiValueMap.containsKey("SAMLResponse");
        }).flatMap(multiValueMap2 -> {
            return handleLogoutResponse(serverWebExchange, webFilterChain, new ServerWebExchangeContext(serverWebExchange).setForm(multiValueMap2));
        }).or(webFilterChain.filter(serverWebExchange).then(Mono.empty()));
    }

    public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
        return MATCHER.matches(serverWebExchange).filter((v0) -> {
            return v0.isMatch();
        }).switchIfEmpty(webFilterChain.filter(serverWebExchange).then(Mono.empty())).flatMap(matchResult -> {
            return serverWebExchange.getRequest().getMethod() == HttpMethod.GET ? handleGET(serverWebExchange, webFilterChain) : serverWebExchange.getRequest().getMethod() == HttpMethod.POST ? handlePOST(serverWebExchange, webFilterChain) : Mono.error(() -> {
                return new UnsupportedOperationException("Unsupported HTTP method: " + String.valueOf(serverWebExchange.getRequest().getMethod()));
            });
        });
    }
}
